Enabling WPA2-Enterprise in Windows Vista and Windows 7
It is important to manually configure WPA2-Enterprise for your wireless network profile in Windows Vista and Windows 7. You must not be in the process of associating to the SSID because the configurations will not save correctly. Follow the steps below to configure WPA2-Enterprise.
- In Windows, navigate to Control Panel > Network and Internet > Network and Sharing Center.
- Click Manage Wireless networks.
- Click Add.
- Choose Manually create a network profile.
- On the next page, enter the following:
- Network name: This is the SSID name. It is case sensitive.
- Security type: Choose WPA2-Enterprise.
- Encryption type: Choose AES.
- Check Start this connection automatically if you want Windows to connect to this network automatically.
- Check Connect even if the network is not broadcasting if the SSID is hidden and you want Windows to connect to this network automatically.
Click Next.
If the RADIUS server has a certificate that may not be trusted by the wireless client or is not a member of the domain in which the RADIUS server resides, on the “Successfully added” page, click Change connection settings.
- Choose the Security tab.
- Click Settings.
- Uncheck Validate server certificate if the wireless client may not trust the RADIUS server certificate.
- For the Authentication Method, choose EAP-MSCHAP v2.
- Click Configure.
- Uncheck Automatically use my Windows logon on name and password if the computer is not on the domain.
- Click OK.
It may be required to specify user or computer authentication based on whether the client is part of the domain or if machine or user authentication is a condition of the RADIUS policy.
To choose user or computer authentication, from the Security tab,
a) Click Advanced settings.
b) Select the 802.1X settingstab.
c) Check Specify authentication mode.
d) Choose User or computer authentication. Or choose an alternate option if required.
e) Click OK to close out.
Note: Your computer will use your Windows logon credentials and domain unless you uncheck the box as shown in the Step 12 screenshot.
WPA2-Enterprise with 802.1X Authentication
RADIUS: Configuring PEAP EAP-MSCHAPv2